Anti Atvi Virus

Discussion in 'Prevx Releases' started by E A, Oct 26, 2009.

Thread Status:
Not open for further replies.
  1. E A

    E A Registered Member

    Oct 26, 2009
    My computer was attacked by a persistent virus that Prevx cannot remove. What is interesting about this virus is that it targets anti virus programs specifically, preventing them from working and also preventing you from making them work again.
    Here is what this virus does that I can find (probably the tip of the iceberg):

    1. Stop Windows Update service periodically and disable it, preventing Windows Update from working. If you start it, it is stopped within one minute or so.
    2. Disable Prevx runtime monitoring periodically and shut the service down. Prevx will restart itself, but will be shut down almost immediately.
    3. Block Prevx scans initiated by user. I suspect that the virus corrupted the Prevx executable somehow.
    4. Deleted executables of my other anti virus (Malwarebytes) so it cannot run at all.
    5. Prevent Windows from starting in safe mode. Windows can only start in full mode.

    Another thing that I find interesting is that I cannot start a chat with Prevx support, which may mean that the virus blocks certain parts of the Prevx website from working. So not only does the antivirus program not work, it also blocks its support (I am assuming that they do want to contact me since I got an email to start a chat).

    I am not an expert in viruses, but I find it interesting that the virus has coded behavior to target specific anti virus programs and also coded behavior to prevent the common ways of removing it, such as safe mode.

    What does it do for its own benefit? Launch browser windows of phishing sites, both IE and Firefox. I hope that's all (but most likely not).

    At this point the only thing that I can think of is to uninstall Windows. Not sure that the next OS on this computer will be Windows.

    Since many consider Prevx to be the top anti virus, does this mean that there is no more protection for Windows anymore from viruses, even using browsers that are considered "safe" and top of the line anti virus programs?

    Any help appreciated, I basically wrote this computer off, which is quite bad since it is my main computer and I also don't want to risk using the backed up files that may contain the virus.
  2. lonelywolf

    lonelywolf Registered Member

    Jun 10, 2009
    I am not an expert either but I am using a layered approach. For me it was important to find a layered approach that will be light on system resources and will not slow down my browsing experience. That is why I am currently using Returnil home lux (with an integrated antivirus in it, F-Prot av) and Prevx free. I am also checking from time to time with Malwarebytes' free, an on demand scanner. Hope this helps.

    Last edited: Oct 26, 2009
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Sep 14, 2008
    We've seen a couple reports of a similar threat to this one - heavily armored threats fighting back adamantly against AVs. We will likely make a separate cleanup tool for these threats in particular and host it on a non-Prevx-related domain so that it can be downloaded.

    In the meantime, could you send me a PM (or email to with your email address so that we can contact you outside of our support inbox to see what we can do in terms of remote tech support to remove the threat?

    Thanks! I wouldn't count your PC out yet, however - I suspect our engineers will be able to get it fully back up and working (they haven't failed yet ;))
  4. Biscuit

    Biscuit Registered Member

    May 26, 2006
    Isle of Man

    I've often seen viruses that work this way. Just call out a local computer engineer who will be able to clean the computer for you.
  5. Phantasm

    Phantasm Registered Member

    Jul 29, 2009
    Forget the Engineer, use UBCD4WIN xD
  6. PatG

    PatG Registered Member

    Apr 30, 2004
    South Alabama
    Or use an imaging program once a week to make an image. If something like this happens, all you have to do is just restore an image. Then you're good to go! Never fails, works every time. Numerous imaging programs out there, give it a try as a fail safe method. :)